Security Innovation Announces a Managed Application Security Testing
(MAST) Service to Help Enterprises Mitigate the Risk of Cyber Crime

Turnkey solution minimizes the impact of threats by balancing the
advantages of manual and automated testing and calibrating the depth of
testing to match application criticality

January 28, 2014 08:40 AM Eastern Standard Time

WILMINGTON, Mass.--(BUSINESS WIRE)--Security Innovation, an authority in Application Security assessment,
standards and training, announces the availability of a hosted
application security testing, remediation and reporting platform. For
organizations with many applications to secure, MAST provides an
optimized process to manage threats by ensuring that the appropriate
level of security testing is applied. Built upon a multi-tiered
platform, MAST is flexible enough to address the varying needs and
characteristics of any organization’s specific application landscape.

Designed for all application types, assessments range from a deep
inspection conducted by world-class security engineers, to a combination
of manual/automated testing with expert verification of vulnerabilities,
to a rapid automated scan with engineering analysis to remove false
positives. This approach helps ensure maximum ROI through decreased
costs, shortened test cycles and reduced time-to-fix. Additionally,
because MAST does not require organizations to have hardware or
infrastructure in place to begin application security testing, it can be
launched in as little as a day.

A 2013 Ponemon Institute research
study titled The Current State of Application Security
revealed that only 43% of organizations have a security testing process
in place. Additionally, less than half the respondents say their
organizations measure application security risk and believe it is well
understood, and even fewer use risk metrics to guide application security
decision-making.

“Security relies heavily on consistency, and good metrics are critical
to achieving that consistency,” said Wendy Nather, Research Director at
451 Research. “This is especially the case with software security. More
enterprises are using regular testing and measurement across their
application portfolios to get a better handle on their overall risk.”

Regular and iterative assessments ensure that problems are caught before
they propagate. Additionally, they enable risk trend analysis, which
helps organizations make more informed remediation and security
investment decisions. From a cost perspective, MAST ensures a practical
approach to help organizations determine the optimal application testing
needed, which typically yields a 20% to 30% reduction in cost over
individual testing services, according to company data.

“Application assessments should not be a one size fits all solution.
Business critical applications require significant time and effort while
low risk applications may require a very light touch,” said Edward
Adams, CEO of Security Innovation. “Optimization around frequency and
depth of testing based upon application criticality and business risk
can help improve ROI by enabling investment in the areas where it is
needed most and over-spending in low-risk areas.”

About MAST

Designed to fit the budget of organizations of all sizes,
MAST helps meet your application security vulnerability
management goals by identifying and prioritizing vulnerabilities, and
providing detailed remediation guidance in the specific technology or
platform being used. For high-risk applications, a threat model is
created to identify the most critical threats to the application and to
construct customized test plans that target high-risk areas.

Features & Benefits:

Multiple Security Testing Options: three tiers of services
based on the risk profile and business criticality of the software.
Security tests can be conducted monthly, quarterly and ad-hoc.

Accurate and expansive vulnerability reporting: expert analysis
of findings minimizes false positives and ensures business
logic and other vulnerabilities that can’t be found with other
approaches are looked for.

Security Innovation offers solutions based on the three pillars of the
Software Development Lifecycle (SDLC): standards, education and assessment.
For over a decade, Security Innovation has helped organizations build
internal expertise, uncover critical vulnerabilities and integrate
security into their software development lifecycle (SDLC). The
company’s flagship products include TeamMentor
secure coding knowledgebase and TeamProfessor,
the industry’s largest library of application security eLearning courses
that covers all major platforms, technologies and development team roles.